Control Tower dependency to other regions?

0

My customer wanted to launch Control Tower in eu-west-1, but the launch failed. After he went through the support case, the identified problem was that the customer had disabled STS (in IAM) for all regions except eu-west-1 and the global one (us-east-1). He needed to additionally enable the us-east-2 and us-west-2 regions.

He is asking why he needs to enable us-east-2 and us-west-2 for Control Tower when he is not using these regions. Is there some dependency that Control Tower has on these regions?

Thanks

posted 4 years ago, 559 views
1 Answer
0
Accepted Answer

Control Tower rolls out guardrails in these 4 regions.

You can see this e.g. when you look at the CloudFormation StackSets in the CT payer account, like AWSControlTowerBP-BASELINE-CONFIG. This StackSet contains stack instances for every managed account in these 4 regions.

If STS is disabled in these regions, then CloudFormation cannot assume the right role to deploy the template, and therefore your account deployment / baselining will fail.

EXPERT
answered 4 years ago
